We are planning to migrate our application from an iOS In‑App Purchase (IAP) subscription flow to an external web purchase flow. The intended user journey is: The user taps a “Subscribe” button in the app. The user is redirected to a web-based checkout to complete the purchase. The user returns to the app, and subscription access is unlocked based on entitlement verification from our backend. Our app is currently listed in the Education category. Before we begin this refactor, we would like confirmation on the following: Entitlements / permissions Do we need to request any specific Apple entitlements or approvals to implement this external purchase flow (e.g., external link or alternative payment related permissions)? Compliance / review requirements Are there any specific App Review compliance checks, disclosures, or review process requirements we must satisfy when moving from IAP to an external purchase flow? If relevant, are there constraints based on app category (Education) or product type (subscription)?

I have an open NFC Value-Added Services entitlement case (17370116) with Apple Wallet Entitlements. My request was acknowledged, information provided, but the case appears to have been split into duplicates and stalled. Is there a way to have the case consolidated and routed back to the Wallet Entitlements team?

Environment: Device: iPhone 15 iOS Version: 26.2 Xcode Version: (add your version) Signing: Automatic with Apple Developer account Problem: When calling NFCTagReaderSession.begin(), the session immediately fails with error code 2: "Missing required entitlement". This happens even though: NFCTagReaderSession.readingAvailable returns true NFCNDEFReaderSession.readingAvailable returns true The session object is created successfully Configuration verified: BonoResidente.entitlements: Info.plist (relevant keys): NFCReaderUsageDescription This app needs NFC permission to read transport cards com.apple.developer.nfc.readersession.iso7816.select-identifiers D2760000850101 Apple Developer Portal: App ID com.acalvoelorri.BonoResidente has "NFC Tag Reading" capability enabled Provisioning profiles were regenerated after enabling the capability Xcode: "Near Field Communication Tag Reading" capability added via Signing & Capabilities CODE_SIGN_ENTITLEMENTS correctly points to the entitlements file Automatic signing enabled with valid Development Team Steps taken: Deleted app from device Clean Build Folder (Cmd+Shift+K) Deleted and re-added the NFC capability in Xcode Manually enabled NFC Tag Reading in Apple Developer Portal Rebuilt and reinstalled the app Code: import CoreNFC class NFCReaderService: NSObject, ObservableObject, NFCTagReaderSessionDelegate { @Published var lastReadData: String = "" @Published var isReading: Bool = false private var session: NFCTagReaderSession? func startReading() { guard NFCTagReaderSession.readingAvailable else { lastReadData = "NFC not available on this device" return } session = NFCTagReaderSession( pollingOption: [.iso14443, .iso15693, .iso18092], delegate: self ) session?.alertMessage = "Hold your transport card near the iPhone" session?.begin() isReading = true } func tagReaderSessionDidBecomeActive(_ session: NFCTagReaderSession) { print("NFC session active") } func tagReaderSession(_ session: NFCTagReaderSession, didInvalidateWithError error: Error) { // Error occurs here immediately after begin() print("Error: \(error)") } func tagReaderSession(_ session: NFCTagReaderSession, didDetect tags: [NFCTag]) { // Never reached } } Console logs: ========== NFC DEBUG INFO ========== iOS Version: 26.2 Device Model: iPhone Device Name: iPhone System Name: iOS NFCTagReaderSession.readingAvailable: true NFCNDEFReaderSession.readingAvailable: true Bundle ID: com.acalvoelorri.BonoResidente Creating NFCTagReaderSession with pollingOption: [.iso14443, .iso15693, .iso18092]... Session created: Optional(<NFCTagReaderSession: 0x110fa50e0>) Setting alertMessage... Calling session.begin()... session.begin() completed, isReading = true ========== NFC ERROR DEBUG ========== Full error: Error Domain=NFCError Code=2 "Missing required entitlement" UserInfo={NSLocalizedDescription=Missing required entitlement} Error type: NFCError Localized: Missing required entitlement NSError domain: NFCError NSError code: 2 NSError userInfo: ["NSLocalizedDescription": Missing required entitlement] Questions: Is there a known issue with NFCTagReaderSession entitlements on iOS 26.2? Are there additional entitlements required beyond com.apple.developer.nfc.readersession.formats with value TAG? How can I verify that the installed app's provisioning profile actually contains the NFC entitlement? Any help would be appreciated. Thank you.

I have opened a case with the apple developer support a month ago and they have not replied, since then I sent multiple other emails and opened more cases requesting them to get a status update about my case. So far I am being ignored, no reply or anything it is very frustrating, what can I do to get someone to help me with the apple developer team?

I have two apps - say A and B in my AppStore account, deployed in the AppStore. App A has obtained the com.apple.developer.usernotifications.filtering entitlement and this is added to my AppStore account by Apple after approval. Note that this is added for the account, and not for the specific app. Now, my app B also wants this functionality. Followed all the steps as done for app A - adding the already approved entitlement to my app B's identifier, regenerating the profiles, adding the key in the entitlements file, calling the completion handler with empty content like - contentHandler(UNNotificationContent()) Still the notifications show, the filtering is not working. Do I have to request the entitlement for App B separately? Even if I do request again, I am not sure if there is going to be any difference in the steps already done. The difference can only be if Apple has a mapping with the app id internally in their system, for the filtering to work? If I have white-labelled versions of apps A or B, do I have to request again then? Or does Apple restrict only one app to have this entitlement from one AppStore account? Please guide on the next steps here.

Hi, Since Xcode 26.2 beta 1, till now (I thought RC or actual release will solve this issue) I have problems exporting archive to appstore via Xcode Cloud (locally everything works and using Xcode 26.2 I was able to submit app to AppStore). Build is archived successfully but during export I get an error Exporting for App Store Distribution failed. Please download the logs artifact for more information. In xcodebuild-export-archive.log I see multiple attempts & errors like this 2025-12-13T08:29:34.040644840Z 2025-12-13 00:29:33.900 xcodebuild[10889:58988] DVTServices: Sending request 9A4173F4-CD87-4A76-95FC-501B4D11EF22 to <http://172.16.55.70:8089/services/v1/capabilities> for session DVTFoundation.DVTServicesSessionProxy. 2025-12-13T08:29:34.040647258Z Method: POST 2025-12-13T08:29:34.040648780Z 2025-12-13T08:29:34.040650230Z Headers: 2025-12-13T08:29:34.040651730Z { 2025-12-13T08:29:34.040653539Z Accept = "application/vnd.api+json"; 2025-12-13T08:29:34.040655403Z "Accept-Encoding" = "gzip, deflate"; 2025-12-13T08:29:34.040673847Z "Content-Length" = 124; 2025-12-13T08:29:34.040675883Z "Content-Type" = "application/vnd.api+json"; 2025-12-13T08:29:34.040677903Z "User-Agent" = Xcode; 2025-12-13T08:29:34.040681998Z "X-HTTP-Method-Override" = GET; 2025-12-13T08:29:34.040684468Z "X-Xcode-Version" = "26.2 (17C52)"; 2025-12-13T08:29:34.040686326Z } 2025-12-13T08:29:34.040688028Z 2025-12-13T08:29:34.040689711Z Payload: 2025-12-13T08:29:34.040692163Z {"urlEncodedQueryParams":"teamId=8CKLLLC9UE&filter%5BreferenceType%5D=bundle&filter%5BincludeRequestable%5D=true&limit=200"} 2025-12-13T08:29:34.308538247Z 2025-12-13 00:29:34.208 xcodebuild[10889:58988] DVTServices: Received response for 9A4173F4-CD87-4A76-95FC-501B4D11EF22 @ <http://172.16.55.70:8089/services/v1/capabilities>. Code = 0 2025-12-13T08:29:34.308555026Z 2025-12-13 00:29:34.208 xcodebuild[10889:58988] DVTServices: Response payload: { 2025-12-13T08:29:34.308557639Z "errors" : [ { 2025-12-13T08:29:34.308569919Z "id" : "0316154c-332b-4f9d-a90a-5770d4f8dc1a", 2025-12-13T08:29:34.308573588Z "status" : "400", 2025-12-13T08:29:34.308575871Z "code" : "PARAMETER_ERROR.INVALID", 2025-12-13T08:29:34.308578343Z "title" : "A parameter has an invalid value", 2025-12-13T08:29:34.308581767Z "detail" : "A parameter 'filter[includeRequestable]' has an invalid value : ''includeRequestable' is not a valid field name.'", 2025-12-13T08:29:34.308584989Z "source" : { 2025-12-13T08:29:34.308587270Z "parameter" : "filter[includeRequestable]" 2025-12-13T08:29:34.308589531Z } 2025-12-13T08:29:34.308591437Z } ] 2025-12-13T08:29:34.308593381Z } 2025-12-13T08:29:34.308595389Z 2025-12-13T08:29:34.308597297Z 2025-12-13T08:29:34.308600188Z 2025-12-13 00:29:34.208 xcodebuild[10889:58988] DVTServices: Could not fetch capabilities from network due to error: error = 'A parameter has an invalid value' When I use Xcode 26.1.1 to export the same commit, eveything works and workflow sends build to AppStoreConnect, any ideas what might cause this issue? Unfortunately I need to use Xcode 26.2 if I want to use tabViewBottomAccessory(isEnabled:content:) bcs even though this api is available since iOS 26.1, it's not available in Xcode 26.1

Hi everyone, I'm trying to add the Side Button Access entitlement to my voice-based conversational app following the documentation, but I'm unable to find it in Xcode. Steps I followed: Selected my app target in Xcode project navigator Went to the Signing & Capabilities tab Clicked the + Capability button Searched for "Side Button Access" Problem: The "Side Button Access" option does not appear in the capabilities list at all. Environment: I'm developing and testing in Japan (where this feature should be available) Xcode version: Xcode 26.2 beta 3 iOS deployment target: iOS 26.2 Questions: Is there any pre-registration or special approval process required from Apple before this entitlement becomes available? Are there any additional requirements or prerequisites I need to meet? Is this feature already available, or is it still in a limited beta phase? Any guidance would be greatly appreciated. Thank you!

I'm developing a watchOS nap app that detects when the user falls asleep by monitoring heart rate changes. == Technical Implementation == HKWorkoutSession (.mindAndBody) for background execution HKAnchoredObjectQuery for real-time heart rate data CoreMotion for movement detection == Battery Considerations == Heart rate monitoring ONLY active when user explicitly starts a session Monitoring continues until user is awakened OR 60-minute limit is reached If no sleep detected within 60 minutes, session auto-ends (user may have abandoned or forgotten to stop) App displays clear UI indicating monitoring is active Typical session: 15-30 minutes, keeping battery usage minimal == The Problem == HKWorkoutSession affects Activity Rings during the session. Users receive "Exercise goal reached" notifications while resting — confusing. == What I've Tried == Not using HKLiveWorkoutBuilder → Activity Rings still affected Using builder but not calling finishWorkout() (per https://developer.apple.com/forums/thread/780220) → Activity Rings still affected WKExtendedRuntimeSession (self-care type) (per https://developer.apple.com/forums/thread/721077) → Only ~10 min runtime, need up to 60 min HKObserverQuery + enableBackgroundDelivery (per https://developer.apple.com/forums/thread/779101) → ~4 updates/hour, too slow for real-time detection Audio background session for continuous processing (suggested in https://developer.apple.com/forums/thread/130287) → Concerned about App Store rejection for non-audio app; if official approves this technical route, I can implement in this direction Some online resources mention "Health Monitoring Entitlement" from WWDC 2019 Session 251, but I could not find any official documentation for this entitlement. Apple Developer Support also confirmed they cannot locate it? == My Question == Is there any supported way to: Monitor heart rate in background for up to 60 minutes WITHOUT affecting Activity Rings or creating workout records? If this requires a special entitlement or API access, please advise on the application process. Or allow me to submit a code-level support request. Any guidance would be greatly appreciated. Thank you!

I´m tring to integrate InApp push provisioning but when I send the information from the issuer to SDK to add my debit card to wallet I saw this error: PKPassKitErrorDomain Code 2 error Looking in the forum I found how to see part of the logs to get more detail on the error and I found: POST https://pr-pod9-smp-device.apple.com:443/broker/v4/devices/04131B65D01590022288082867404947F3CCA674C3D41F3C/cards/683986c983984251b9aecfc8ff51d88a/enable 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Error inesperado." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Error inesperado.

Hi, We applied for Tap to Pay on iPhone entitlement and were approved, but on distribution support it's only showing Development. We can build and debug Tap to Pay on development, but unable to build release. We opened ticket with Apple support but they were saying it was configured correctly. I attached screenshot of our developer account entitlement for Tap to Pay. It clearly said Development only.

Dear We try to generate IPA with Xcode Cloud but this task fail in Export archive phase (Export archive for app-store distribution). The error that appear in the archive logs is: error: exportArchive Provisioning profile "iOS Team Store Provisioning Profile: cl.app.myapp" doesn't include the com.apple.CommCenter.fine-grained entitlement. Any idea about to resolve this problem ? king regards

Question based on the https://developer.apple.com/forums/thread/649172 What is the mechanics of using this entitlement? What should be done in the UNNotificationServiceExtension in order to prevent the display of a notification for the user? Just pass an empty UNNotificationContent object to contentHandler or something else?

Hi there, I'm trying to work on an architecture where one app exposes an API (Extension Host) that other apps can plugin to. I've been reading all I can from the docs and whatever I can find online. It seemed like iOS26 added the ability to do such a thing (at least in early builds). Is that the case? Has the functionality been walked back such that extensions can only be loaded in iOS from within the single app bundle? My use case is the following: I'm working on an agent app that desires to have 3rd party developers add functionality (think how MCP servers add functionality to LLMs). The 3rd party plugins would be provided in their own app bundles vetted by the AppStore review team, of course, and would only provide hooks, basically, the main app can use to execute functions or get state. This is the best thread I found on the topic, and the subtext is that it needs to be in the same bundle. https://developer.apple.com/forums/thread/803896?answerId=865314022#865314022 Let's say for the moment that this isn't possible using ExtensionKit. What's the best way to achieve this? Our current best alternative idea is a hidded WebKit window that runs JS/WASM but that's so hackish. Please let me know, thanks!

This issue keeps cropping up on the forums and so I decided to write up a single post with all the details. If you have questions or comments: If you were referred here from an existing thread, reply on that thread. If not, feel free to start a new thread. Use whatever topic and subtopic is appropriate for your question, but also add the Entitlements tag so that I see it. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Determining if an entitlement is real In recent months there’s been a spate of forums threads involving ‘hallucinated’ entitlements. This typically pans out as follows: The developer, or an agent working on behalf of the developer, changes their .entitlements file to claim an entitlement that’s not real. That is, the entitlement key is a value that is not, and never has been, supported in any way. Xcode’s code signing machinery tries to find or create a provisioning profile to authorise this claim. That’s impossible, because the entitlement isn’t a real entitlement. Xcode reports this as a code signing error. The developer misinterprets that error [1] in one of two ways: As a generic Xcode code signing failure, and so they start a forums thread asking about how to fix that problem. As an indication that the entitlement is managed — that is, requires authorisation from Apple to use — and so they start a forums thread asking how to request such authorisation. The fundamental problem is step 1. Once you start claiming entitlements that aren’t real, you’re on a path to confusion. Note If you’re curious about how provisioning profiles authorise entitlement claims, read TN3125 Inside Code Signing: Provisioning Profiles. There are a couple of ways to check whether an entitlement is real. My preferred option is to create a new test project and use Xcode’s Signing & Capabilities editor to add the corresponding capability to it. Then look at what Xcode did. You might find that Xcode claimed a different entitlement, or added an Info.plist key, or did nothing at all. IMPORTANT If you can’t find the correct capability in the Signing & Capabilities editor, it’s likely that this feature is available to all apps, that is, it’s not gated by an entitlement or anything else. Another thing you can do is search the documentation. The vast majority of real entitlements are documented in Bundle Resources > Entitlements. IMPORTANT When you search for documentation, focus on the Apple documentation. If, for example, you search the Apple Developer Forums, you might be mislead by other folks who are similarly confused. If you find that you’re mistakenly trying to claim a hallucinated entitlement, the fix is trivial: Remove it from your .entitlements file so that your app starts to build again. Then add the capability using Xcode’s Signing & Capabilities editor. This will do the right thing. If you continue to have problems, feel free to ask for help here on the forums. See the top of this post for advice on how to do that. [1] Xcode 26.2, currently being seeded as Release Candidate, is much better about this (r. 155327166). Give it a whirl! Commonly Hallucinated Entitlements This section lists some of the more commonly hallucinated entitlements: com.apple.developer.push-notifications — The correct entitlement is aps-environment (com.apple.developer.aps-environment on macOS), documented here. There’s also the remote-notification value in the UIBackgroundModes property. com.apple.developer.in-app-purchase — There’s no entitlement for in-app purchase. Rather, in-app purchase is available to all apps with an explicit App ID (as opposed to a wildcard App ID). com.apple.InAppPurchase — Likewise. com.apple.developer.storekit — Likewise. com.apple.developer.in-app-purchase.non-consumable — Likewise. com.apple.developer.in-app-purchase.subscription — Likewise. com.apple.developer.app-groups — The correct entitlement is com.apple.security.application-groups, documented here. And if you’re working on the Mac, see App Groups: macOS vs iOS: Working Towards Harmony. com.apple.developer.background-modes — Background modes are controlled by the UIBackgroundModes key in your Info.plist, documented here. UIBackgroundModes — See the previous point. com.apple.developer.voip-push-notification — There’s no entitlement for this. VoIP is gated by the voip value in the UIBackgroundModes property. com.apple.developer.family-controls.user-authorization — The correct entitlement is com.apple.developer.family-controls, documented here. IMPORTANT As explained in the docs, this entitlement is available to all developers during development but you must request authorisation for distribution. com.apple.developer.device-activity — The DeviceActivity framework has the same restrictions as Family Controls. com.apple.developer.managed-settings — If you’re trying to use the ManagedSettings framework, that has the same restrictions as Family Controls. If you’re trying to use the ManagedApp framework, that’s not gated by an entitlement. com.apple.developer.callkit.call-directory — There’s no entitlement for the Call Directory app extension feature. com.apple.developer.nearby-interaction — There’s no entitlement for the Nearby interaction framework. com.apple.developer.secure-enclave — On iOS and its child platforms, there’s no entitlement required to use the Secure Enclave. For macOS specifically, any program that has access to the data protection keychain also has access to the Secure Enclave [1]. See TN3137 On Mac keychain APIs and implementations for more about the data protection keychain. com.apple.developer.networking.configuration — If you’re trying to configure the Wi-Fi network on iOS, the correct entitlement is com.apple.developer.networking.HotspotConfiguration, documented here. com.apple.developer.musickit — There is no MusicKit capability. Rather, enable MusicKit via the App Services column in the App ID editor, accessible from Developer > Certificates, Identifiers, and Profiles > Identifiers. com.apple.mail.extension — Creating an app extension based on the MailKit framework does not require any specific entitlement. com.apple.security.accessibility — There’s no entitlement that gates access to the Accessibility APIs on macOS. Rather, this is controlled by the user in System Settings > Privacy & Security. Note that sandboxed apps can’t use these APIs. See the Review functionality that is incompatible with App Sandbox section of Protecting user data with App Sandbox. com.apple.developer.adservices — Using the AdServices framework does not require any specific entitlement. [1] While technically these are different features, they are closely associated and it turns out that, if you have access to the data protection keychain, you also have access to the SE. Revision History 2025-12-09 Updated the Xcode footnote to mention the improvements in Xcode 26.2rc. 2025-11-03 Added com.apple.developer.adservices to the common hallucinations list. 2025-10-30 Added com.apple.security.accessibility to the common hallucinations list. 2025-10-22 Added com.apple.mail.extension to the common hallucinations list. Also added two new in-app purchase hallucinations. 2025-09-26 Added com.apple.developer.musickit to the common hallucinations list. 2025-09-22 Added com.apple.developer.storekit to the common hallucinations list. 2025-09-05 Added com.apple.developer.device-activity to the common hallucinations list. 2025-09-02 First posted.

I'm working on a multi-process macOS application (based on Chromium/Electron) that uses Mach ports for inter-process communication between the main app and its helper processes. Background I have an MAS build working successfully via TestFlight for internal testing. However, public TestFlight testing requires Apple review, and while waiting for that review, I wanted to provide a directly distributable build for external testers. I attempted to create a Developer ID signed build with App Sandbox enabled, expecting it to behave similarly to the MAS build. The Problem With App Sandbox enabled (com.apple.security.app-sandbox) and identical entitlements, I observe different behavior depending on the signing certificate: Apple Distribution certificate: App launches successfully, mach-register and mach-lookup work Developer ID certificate: App crashes at launch, mach-register is denied by sandbox The Console shows this sandbox violation for the Developer ID build: Sandbox: MyApp(13605) deny(1) mach-register XXXXXXXXXX.com.mycompany.myapp.MachPortRendezvousServer.13605 The crash occurs when the app calls bootstrap_check_in() to register a Mach service for child process communication. What I've tried Adding com.apple.security.temporary-exception.mach-register.global-name with wildcard pattern XXXXXXXXXX.com.mycompany.myapp.MachPortRendezvousServer.* to the main app's entitlements - this resolved the mach-register denial. However, helper processes then fail with mach-lookup denial. Adding com.apple.security.temporary-exception.mach-lookup.global-name with the same wildcard pattern to the main app's entitlements (for inheritance) does not work. Analysis of /System/Library/Sandbox/Profiles/application.sb I examined macOS's App Sandbox profile and found that mach-register.global-name supports wildcard patterns via select-mach-filter: (sandbox-array-entitlement "com.apple.security.temporary-exception.mach-register.global-name" (lambda (name) ... (let ((mach-filter (select-mach-filter name global-name-prefix global-name))) (allow mach-register mach-filter)))) But mach-lookup.global-name does not - it only accepts exact names: (sandbox-array-entitlement "com.apple.security.temporary-exception.mach-lookup.global-name" (lambda (name) (allow mach-lookup (global-name name)))) Since the Mach service name includes the PID (e.g., ...MachPortRendezvousServer.13605), it's impossible to specify exact names in entitlements. I also verified that com.apple.security.application-groups grants mach-register and mach-lookup only for service names prefixed with the group ID (e.g., group.com.mycompany.myapp.), which doesn't match the TEAMID.bundleid. prefix used by Chromium's MachPortRendezvousServer. My questions What mechanism allows Apple Distribution signed apps to use mach-register and mach-lookup for these service names without temporary exceptions? I don't see any certificate-based logic in application.sb. Is there a way to achieve the same behavior with Developer ID signing for testing purposes? Related threads https://developer.apple.com/forums/thread/747005 https://developer.apple.com/forums/thread/685601 https://developer.apple.com/forums/thread/128714 (confirms temporary-exception can be used freely for Developer ID apps) Environment macOS 15.6 (Sequoia) Xcode 16.4 Both certificates from the same Apple Developer account

Hi everyone, after enabling CloudKit in my project, my app started showing conflicts between MusicKit and CloudKit entitlements — and now Xcode is failing to generate the provisioning profile entirely. Current issue (Signing / Provisioning Profile Failure) Xcode shows this error: “Provisioning profile ‘iOS Team Provisioning Profile: team8.groovefy.dev’ doesn’t include the entitlements: com.apple.developer.media-library, com.apple.developer.music-user-token, com.apple.developer.musickit, com.apple.developer.playable-content, com.apple.security.exception.mach-lookup.global-name” Automatic signing fails, and Xcode cannot create or update the provisioning profile. This started right after CloudKit was enabled in the project. Context Before enabling CloudKit, MusicKit worked normally, including Apple Music authentication and playlist creation. After activating CloudKit capabilities: MusicKit stopped generating the Apple Music user token Playlist creation broke Now the provisioning profile cannot be rebuilt because the required MusicKit-related entitlements are no longer included Even after removing CloudKit entirely, the issue persists — as if the App ID or entitlements on the server side became inconsistent or corrupted. I already tried: Recreating App Identifier Recreating provisioning profiles Resetting capabilities Cleaning and reinitializing the Xcode project settings But Xcode still refuses to generate a valid provisioning profile that includes the MusicKit entitlements. Summary Enabling CloudKit caused MusicKit entitlements to collide, and now the provisioning profile no longer includes the required MusicKit entitlements — preventing the app from signing, running, or creating playlists. If anyone has faced this type of entitlements/provisioning corruption or knows how to reset the App ID entitlements on Apple’s side, any help would be greatly appreciated.

Hello everyone, I am developing a Flutter iOS application that includes a Widget Extension + Live Activity (ActivityKit). The project runs successfully on the iOS simulator when launched directly from Xcode, but it cannot be signed properly via Flutter and I cannot upload the build to App Store Connect due to the following CodeSign error: Command CodeSign failed with a nonzero exit code Provisioning profile "…" doesn't include the entitlement: com.apple.developer.activitykit.allow-third-party-activity This error never goes away no matter what I try. And the main problem is that my App ID does NOT show any ActivityKit or Live Activity capability in the Apple Developer portal → Identifiers → App ID. So I cannot enable it manually. However: Xcode requires this entitlement Flutter requires this entitlement When I add the entitlement manually in the .entitlements file, Xcode says: “This entitlement must be enabled in your Developer account. It cannot be added manually.” So I am stuck in a loop where: Apple Developer portal does not show ActivityKit capability Xcode demands the ActivityKit entitlement Signing fails App Store upload fails And Live Activity is a critical feature of my app What I have already done ✔ “Automatically manage signing” is enabled ✔ Correct Team is selected for both Runner and the Widget Extension ✔ Bundle IDs are correct: com.yksbuddy.app com.yksbuddy.app.TimerWidgetExtension ✔ Deleted Derived Data completely ✔ Tried removing all ActivityKit-related entitlement keys manually ✔ Deleted Pods, reinstalled, rebuilt ✔ App Group settings match between Runner and Extension ✔ The same Live Activity code works perfectly in a clean Xcode-only project ✔ But fails only inside a Flutter project structure ✔ Xcode builds & runs on simulator, but App Store upload always fails due to missing entitlement Core Problem: In my Apple Developer “Identifiers → App ID” page, the Live Activity / ActivityKit capability does NOT appear at all, so I cannot enable: Live Activities ActivityKit Third-party activity entitlement Without being able to enable this capability, I cannot create a valid provisioning profile that includes: com.apple.developer.activitykit.allow-third-party-activity Flutter + Xcode insists this entitlement must exist, but Apple Developer portal does not give any option to enable it.

We are developing a messaging app which sends End-to-End encrypted data. The application supports multiple types of E2EE data, including text messages and voice over IP calls. Apple's article titled “Sending End-to-End Encrypted VoIP calls” (https://developer.apple.com/documentation/callkit/sending-end-to-end-encrypted-voip-calls) states that the following steps are required to support E2EE VoIP calls: Request permission to receive remote notifications through the User Notifications framework Register for VoIP calls using PuskKit Add a Notification Service Extension target to your app. Add the com.apple.developer.usernotifications.filtering entitlement to the NSE target’s entitlements file. We have completed steps one through three. We are still missing the filtering entitlement. As of right now the system does not allow us to use reportNewIncomingVoIPPushPayload(_:completion:) method because of the missing entitlement.
 Below is a short description of how our messaging app works: User sends a message to another user. The message is encrypted on device and sent to our server. The server receives the message and sends a notification request to APNs if needed. The server cannot decrypt the message. As an additional security feature we do not pass the encrypted message in the notification payload. The notification payload only contains a localizable generic placeholder message string and default sound in the ‘aps’ dictionary part. Upon receiving a notification from our server, the NSE makes a request to our server and fetches the latest messages (encryption keys have already been exchanged between the participants of the conversation) and determines what to do next (display a banner, or pass a call to CallKit). E2EE VoIP calls are a core feature of our app, so it is imperative that we receive the filtering entitlement. Our capability request has been rejected twice now. The latest request was rejected because: Support for VoIP calls should be provided by PushKit. For more information, please consult the documentation page "Responding to Notifications from PushKit". We cannot support VoIP calls by solely relying on PushKit. Our server cannot make a distinction when to use ‘voip’ (call) and ‘alert’ (text message) apns-push-types. Therefore, the application must be able to use reportNewIncomingVoIPPushPayload(_:completion:) function, where com.apple.developer.usernotifications.filtering entitlement is needed. We have sent the above text to support two weeks ago and made yet another request. Has anyone been able to get the capability as of late? What are the magic words that need to be included in the capability request? Can someone here help us? We made the first request on 3rd of September so this process has taken two months. Our planned release date is coming up and the absence of the capability is holding us back. We already have a released desktop and Android versions so changing the server implementation is really not an option.

Provisioning profiles created for my App ID are not including the Push Notifications capability, even though Push Notifications is enabled in the App ID configuration in Apple Developer Portal. I have enabled Push Notifications for my App ID (com.abc.app) in the Apple Developer Portal. The capability shows as enabled and saved. However, when provisioning profiles are generated (either manually or through third-party tools like Expo Application Services), they do not include: The Push Notifications capability The aps-environment entitlement This results in build failures with the following errors: Provisioning profile "*[expo] com.abc.app AppStore [timestamp]" doesn't support the Push Notifications capability. Provisioning profile "*[expo] com.abc.app AppStore [timestamp]" doesn't include the aps-environment entitlement. Steps Taken ✅ Enabled Push Notifications in App ID configuration (com.mirova.app) ✅ Saved the App ID configuration multiple times ✅ Waited for Apple's systems to sync (waited 5-10 minutes) ✅ Removed and re-added Push Notifications capability (unchecked, saved, re-checked, saved) ✅ Created Push Notification key in Apple Developer Portal ✅ Verified Push Notifications is checked and saved in App ID ❌ Provisioning profiles still created without Push Notifications capability Expected Behavior When Push Notifications is enabled for an App ID, any provisioning profiles created for that App ID should automatically include: Push Notifications capability aps-environment entitlement (set to production or development) Actual Behavior Provisioning profiles are created without Push Notifications capability, even though: Push Notifications is enabled in App ID App ID configuration is saved Sufficient time has passed for sync Additional Information Push Notification Key: Created and valid (Key ID: 3YKQ7XLG9L and 747G8W2J68) Distribution Certificate: Valid and active Provisioning Profile Type: App Store distribution Third-party Tool: Using Expo Application Services (EAS) for builds, but issue persists with manually created profiles as well Questions Is there a delay or sync issue between enabling Push Notifications in App ID and it being available for provisioning profiles? Are there any additional steps required to ensure Push Notifications is included in provisioning profiles? Is there a known issue with Push Notifications capability not being included in provisioning profiles? Should I create the provisioning profile in a specific way to ensure Push Notifications is included? Environment Platform: iOS Build Type: App Store distribution Xcode Version: (via EAS cloud build) Thank you for your assistance. I've been unable to resolve this issue and would appreciate any guidance. iOS Deployment Target: Latest

Hello, I would like to clarify how link association and app-opening preferences work in iOS, specifically when a user opens a URL in a browser that can be handled by an installed application. I have noticed the following behavior: When a user taps a URL that can be opened by an app, iOS sometimes asks whether to open the link in the app or continue in the browser. After choosing an option once (for example, "Open in App" or "Stay in Browser"), it seems that this preference becomes persistent. Even after deleting the application and reinstalling it, the browser (Safari or third-party browsers) sometimes continues to open the link directly in the browser without asking the user again. In some cases, it appears impossible to reset or clear this association, and the user is not prompted again to choose how the link should be opened. My questions are: How exactly does iOS store link-handling preferences between apps and browsers? Are these preferences saved on the system level, inside Safari, or associated with the app installation itself? Is there a way for a user to manually reset or clear these link-opening associations? Should deleting and reinstalling the app reset these preferences, or is the behavior expected to persist? Is this behavior different for Universal Links, App Clips, or for regular URL scheme associations? This situation is important for us because it affects user experience, and at the moment it is difficult to understand or reproduce the internal logic behind these link associations. Thank you in advance for your clarification.